I already have a firewall and intrusion detection system. Why do I need CimTrak?
How long does it take to detect a change?
Does the CimTrak Agent consume a lot of the server's resources?
Does it save the changes that were made?
Is there a limit to the number of systems I can monitor?
Can I exclude certain files from monitoring?
If it prevents all changes from occurring, how do I make a change?
Does it work with my existing web publishing tools?
How does it notify me of changes or alarms?
What operating systems can CimTrak run on?
Does CimTrak work in virtual environments such as VMware?
Can it integrate with my existing network monitoring tools?
Can it monitor and restore my Windows OS directory?
Can I monitor servers across the Internet?
How safe is my data? Is it ever exposed?
Can I install the CimTrak Repository, Agent, and Client all on the same machine?
I already have a firewall and intrusion detection system. Why do I need CimTrak?
Firewalls and intrusion detection systems are both important tools in securing enterprise and web server environments. However, firewalls are not bulletproof against skilled attackers, and they can do nothing about unauthorized changes made from inside the firewall. Intrusion detection systems, in turn, don't provide the corrective action required in response to a website defacement or attack. CimTrak provides a "last line of defense" when existing security mechanisms have been compromised, by instantly restoring any modified files and ensuring the integrity of your system.
How long does it take to detect a change?
The CimTrak Agent detects file changes in real time. The entire process from detection, comparison, and restore (if necessary) usually takes place in a fraction of a second.
Does the CimTrak Agent consume a lot of the server's resources?
No. Detection is accomplished without taxing the server's valuable resources. The Agent does not poll the server CPU or hard drive during operation. The only time any noticeable resources are required is during a "lock" event, when files are digitally signed and transferred to the CimTrak master repository, or when a change is detected and CimTrak takes the necessary corrective action. Even in these situations, the resource requirements are very reasonable.
Does it save the changes that were made?
An option is available to safely quarantine any modified files in the master repository. You can also specify a maximum size limitation for quarantined files in order to prevent transferring large files that may consume bandwidth and resources. Quarantined files may be safely viewed or extracted from the repository using CimTrak Client.
Is there a limit to the number of systems I can monitor?
No. The only limitations are the physical resources of the workstation or server housing the CimTrak Server and Master Repository. The CimTrak Server can support multiple remote servers.
Can I exclude certain files from monitoring?
Yes. When a policy is configured using the CimTrak Client, the user selects which directories and files are to be monitored, and which files are excluded from that list. This is necessary for files that are inherently dynamic, or created on the fly by applications.
If it prevents all changes from occurring, how do I make a change?
Changes can be made by an administrator or authorized user. The specific Object to be changed is "unlocked" from the Client utility. Once unlocked, the Object can be updated using your established procedures. When the update is complete, the Object is "locked" and the Agent establishes a new baseline in the Master Repository and resumes monitoring. If the Object remains unlocked for a predetermined length of time, an alert message will be sent to all appropriate users.
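The exclude, lock and restore behaviour described in the two answers above, sketched as an added example. It is not CimTrak code: the function names are hypothetical, and it assumes a plain directory copy as the repository and an on-demand check rather than real-time detection.

```python
# Added illustration only; names and storage layout are assumptions, not CimTrak's.
import fnmatch
import hashlib
import os
import shutil

def digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def monitored(root, excludes):
    """Yield relative paths under root that no exclude pattern matches."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            if not any(fnmatch.fnmatch(rel, pat) for pat in excludes):
                yield rel

def lock(root, repo, excludes=()):
    """'Lock': copy every monitored file into repo, return baseline {path: sha256}."""
    shutil.rmtree(repo, ignore_errors=True)   # a new lock replaces the old baseline
    baseline = {}
    for rel in monitored(root, excludes):
        dst = os.path.join(repo, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(root, rel), dst)
        baseline[rel] = digest(dst)
    return baseline

def check(root, repo, baseline, excludes=(), restore=False):
    """Compare root with the baseline; with restore=True, undo each deviation."""
    found = {}
    current = set(monitored(root, excludes))
    for rel in sorted(current | set(baseline)):
        live = os.path.join(root, rel)
        if rel not in baseline:               # file that was never locked
            found[rel] = "added"
            if restore:
                os.remove(live)
        elif rel not in current or digest(live) != baseline[rel]:
            found[rel] = "deleted" if rel not in current else "modified"
            if restore:                       # put the authoritative copy back
                os.makedirs(os.path.dirname(live), exist_ok=True)
                shutil.copy2(os.path.join(repo, rel), live)
    return found
```

An authorized update in this sketch is simply: change the files, then call `lock` again so the next `check` compares against the new baseline.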
Does it work with my existing web publishing tools?
Yes. Common web publishing tools such as Dreamweaver can still be used with only a minor additional step in the process. The Object or website must be "unlocked" through the CimTrak Client before new files are transferred to the web server and "locked" upon completion. Plug-ins to allow you to "unlock" and "lock" from within these common applications will be available in future releases.
How does it notify me of changes or alarms?
Alerts are sent via email, text messaging, and SNMP traps.
What operating systems can CimTrak run on?
Many. CimTrak is available for a variety of Windows, Linux, Macintosh, and UNIX operating systems.
Does CimTrak work in virtual environments such as VMware?
Yes. CimTrak works on both physical and virtual server environments.
Can it integrate with my existing network monitoring tools?
Yes. CimTrak supports Syslog and SNMP traps.
Can it monitor and restore my Windows OS directory?
CimTrak can monitor an operating system directory, such as c:\winnt, for modifications and for files that have been illegally added to that directory. It is typically recommended that OS directories be monitored for changes only. If you would like to restore files in the OS directory, you must be sure to exclude the appropriate files.
Can I monitor servers across the Internet?
Yes. Server Agents can safely communicate with a CimTrak Server across both the Internet and LANs/WANs. This is possible because of CimTrak's communication and encryption architecture.
How safe is my data? Is it ever exposed?
CimTrak stores all files in the Master Repository in an encrypted and compressed format. All communication between the Agent and the CimTrak Server is also encrypted. This ensures that your repository files are never exposed in their native format.
Can I install the CimTrak Repository, Agent, and Client all on the same machine?
All three CimTrak components can be installed on the same machine. However, best practices and CERT recommended guidelines are to maintain an authoritative copy on a separate machine. This means keeping the CimTrak Master Repository on a separate secured workstation or server, apart from the actual monitored server. The Client Utility may be installed on any machine.